CVE-2023-26083

Name of the Vulnerable Software and Affected Versions Arm Mali GPU Kernel Driver versions r6p0 through r32p0 Arm Mali GPU Kernel Driver versions r0p0 through r42p0 Arm Mali GPU Kernel Driver versions r19p0 through r42p0 Arm Mali GPU Kernel Driver versions r41p0 through r42p0

Description A memory leak exists in the Mali GPU Kernel Driver, specifically within the Midgard, Bifrost, Valhall, and Avalon GPU Kernel Drivers. This issue allows a non-privileged user to perform valid GPU processing operations that expose sensitive kernel metadata. The vulnerability involves a kernel address disclosure in the Mali GPU drivers, where raw kernel pointers are logged into a timeline stream ring buffer. This detail expands the attack surface and may lead to similar issues in other areas. The issue has been exploited in the wild, and reports indicate that a previous attempt to address the issue was improper. There is no information available regarding the number of affected devices.

Recommendations Versions r6p0 through r32p0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Versions r0p0 through r42p0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Versions r19p0 through r42p0: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Versions r41p0 through r42p0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.